poptop on OpenBSD 5.3

poptop on OpenBSD 5.3

Alvaro Mantilla Gimenez-4
Hi,

  I am trying to configure poptop on OpenBSD 5.3 without success. I've
installed the package and configured the files as
/usr/local/share/doc/pkg-readmes/poptop-1.3.4p4 says, but it didn't work, so
I started to change things here and there without success. These are the
facts:

  /etc/pptpd.conf:

   stimeout 10
   noipparam
   logwtmp
   localip 5.5.5.1
   remoteip 5.5.5.2-102


  /etc/ppp/options:

   lock
   auth
   usehostname
   proxyarp
   +MSChap-V2 mppe-128 mppe-stateless


  /etc/ppp/ppp.conf:

   default:
     set log Phase Chat LCP IPCP CCP tun command
     set speed 115200

   pptp:
     set log phase tun
     enable proxy
     set dns 8.8.8.8 8.8.4.4
     set ifaddr 5.5.5.1 5.5.5.0/0 255.255.255.0
     set timeout 0
     enable chap
     enable MSChapV2


And here the error:

   pptpd[25764]: CTRL: Starting call (launching pppd, opening GRE)
   ppp[14716]: Phase: Using interface: tun0
   ppp[14716]: Phase: deflink: Created in closed state
   ppp[14716]: tun0: Command: default: set speed 115200
   ppp[14716]: tun0: Command: pptp: set log phase tun
   ppp[14716]: tun0: Phase: PPP Started (direct mode).
   ppp[14716]: tun0: Phase: bundle: Establish
   ppp[14716]: tun0: Phase: deflink: closed -> opening
   ppp[14716]: tun0: Phase: deflink: Connected!
   ppp[14716]: tun0: Phase: deflink: opening -> carrier
   ppp[14716]: tun0: Phase: deflink: carrier -> lcp
   ppp[14716]: tun0: Phase: bundle: Authenticate
   ppp[14716]: tun0: Phase: deflink: his = none, mine = CHAP 0x81
   ppp[14716]: tun0: Phase: Chap Output: CHALLENGE
   ppp[14716]: tun0: Phase: Chap Input: RESPONSE (49 bytes from testuser)
   ppp[14716]: tun0: Phase: Chap Output: SUCCESS
   ppp[14716]: tun0: Phase: deflink: lcp -> open
   ppp[14716]: tun0: Phase: bundle: Network
   ppp[14716]: tun0: Phase: deflink: open -> lcp
   ppp[14716]: tun0: Warning: ff01:4::: Change route failed: errno: Network is unreachable
   ppp[14716]: tun0: Warning: ff02:4::: Change route failed: errno: Network is unreachable
   ppp[14716]: tun0: Warning: ff02:4::: Change route failed: errno: Network is unreachable
   ppp[14716]: tun0: Phase: bundle: Terminate
   pptpd[25764]: CTRL: EOF or bad error reading ctrl packet length.
   pptpd[25764]: CTRL: couldn't read packet header (exit)
   pptpd[25764]: CTRL: CTRL read failed
   ppp[14716]: tun0: Phase: deflink: read (0): Got zero bytes
   ppp[14716]: tun0: Phase: deflink: Disconnected!
   ppp[14716]: tun0: Phase: deflink: Connect time: 1 secs: 354 octets in, 364 octets out
   ppp[14716]: tun0: Phase: deflink: 7 packets in, 11 packets out
   ppp[14716]: tun0: Phase:  total 718 bytes/sec, peak 0 bytes/sec on Sun Aug  4 18:23:07 2013
   ppp[14716]: tun0: Phase: deflink: lcp -> closed
   ppp[14716]: tun0: Phase: bundle: Dead
   ppp[14716]: tun0: Phase: PPP Terminated (normal).
   pptpd[25764]: CTRL: Client <truncated_ip> control connection finished


So far I think it is not an authentication problem (the authentication process
seems to be "success") and it is a network-related issue. However, I do not
know how to fix it according to the three lines on the output:

  ppp[14716]: tun0: Warning: ff01:4::: Change route failed: errno: Network is unreachable
  ppp[14716]: tun0: Warning: ff02:4::: Change route failed: errno: Network is unreachable
  ppp[14716]: tun0: Warning: ff02:4::: Change route failed: errno: Network is unreachable

 I enabled and applied on sysctl.conf:

  net.inet.gre.allow=1
  net.inet.gre.wccp=1

Also, I added the pf.conf lines needed to allow traffic from 1723 and GRE
connections and, to be sure, let all traffic from 5.5.5.0 network pass
through the firewall on tun0.

 Any help? What am I missing?

 Thanks in advance,

     Alvaro
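
The reasoning in the message above (CHAP succeeds, the session dies afterwards) can be checked mechanically from the phase lines. The Python script below is an added example, not part of the original message; the function name `triage`, the verdict strings and the sample (lines reused from the quoted log with the mail wraps undone) are assumptions of this example.

```python
import re

# Constructed sample: ppp(8) lines taken from the log quoted in the post,
# with the mail client's hard line wraps undone.
SAMPLE_LOG = """\
ppp[14716]: tun0: Phase: bundle: Establish
ppp[14716]: tun0: Phase: deflink: carrier -> lcp
ppp[14716]: tun0: Phase: bundle: Authenticate
ppp[14716]: tun0: Phase: Chap Input: RESPONSE (49 bytes from testuser)
ppp[14716]: tun0: Phase: Chap Output: SUCCESS
ppp[14716]: tun0: Phase: deflink: lcp -> open
ppp[14716]: tun0: Phase: bundle: Network
ppp[14716]: tun0: Phase: deflink: open -> lcp
ppp[14716]: tun0: Warning: ff01:4::: Change route failed: errno: Network is unreachable
ppp[14716]: tun0: Phase: bundle: Terminate
ppp[14716]: tun0: Phase: bundle: Dead
"""

LINE = re.compile(r"ppp\[\d+\]: (?:\w+: )?(Phase|Warning): (.*)")
BUNDLE = re.compile(r"bundle: (\w+)")
LINK = re.compile(r"deflink: (\w+) -> (\w+)")
CHAP = re.compile(r"Chap Output: (SUCCESS|FAILURE)")
PEER = re.compile(r"Chap Input: RESPONSE \(\d+ bytes from (\S+)\)")


def triage(log_text):
    """Walk ppp Phase/Warning lines in order and report where the session ended."""
    r = {"phases": [], "links": [], "auth": None, "user": None,
         "warnings": 0, "verdict": None}
    dropped = False
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # pptpd, Command and other lines carry no phase info
        kind, text = m.groups()
        if kind == "Warning":
            r["warnings"] += 1
        elif (b := BUNDLE.fullmatch(text)):
            r["phases"].append(b.group(1))
        elif (t := LINK.fullmatch(text)):
            r["links"].append(t.groups())
            # Leaving "open" while the bundle is in Network phase means the
            # link went down after authentication had already finished.
            if t.group(1) == "open" and r["phases"][-1:] == ["Network"]:
                dropped = True
        elif (c := CHAP.fullmatch(text)):
            r["auth"] = c.group(1)
        elif (p := PEER.fullmatch(text)):
            r["user"] = p.group(1)
    if r["auth"] == "FAILURE":
        r["verdict"] = "auth-failed"
    elif "Network" not in r["phases"]:
        r["verdict"] = "ended-before-network-phase"
    elif dropped:
        r["verdict"] = "link-dropped-after-auth"
    else:
        r["verdict"] = "network-phase-reached"
    return r
```

The posted log contains only Phase, Warning and Command lines (the `pptp` label issues `set log phase tun`), so the script classifies on phase transitions alone.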

Re: poptop on OpenBSD 5.3

Wesley MOUEDINE ASSABY
Hi,

Why not use the embedded package in OpenBSD 5.3: npppd?
Conf files: /etc/npppd/npppd.conf and npppd-users

Below is a link that will help you:
http://fr.slideshare.net/GiovanniBechis/npppd-easy-vpn-with-openbsd


Cheers,

Wesley

On 2013-08-05 4:48, Alvaro Mantilla Gimenez wrote:


Re: poptop on OpenBSD 5.3

Loïc Blot-2
I agree with Wesley:
if you use OpenBSD 5.3 you should use npppd; it's simpler than poptop and
has nearly the same functionality.

--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr


On Monday 05 August 2013 at 08:46 +0400, Wesley MOUEDINE ASSABY wrote:

> Hi,
>
> Why not use the embedded package in OpenBSD 5.3 : npppd ??
> conf files : /etc/npppd/npppd.conf and npppd-users
>
> Below a link that will help you on :
> http://fr.slideshare.net/GiovanniBechis/npppd-easy-vpn-with-openbsd
>
>
> Cheers,
>
> Wesley

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

Re: poptop on OpenBSD 5.3

Alvaro Mantilla Gimenez-4
Hi Wesley, Loïc,

   Thanks for the advice. I didn't know about npppd. It seems an
interesting option.
   I am going to try that.

   Cheers,

       Alvaro

2013/8/4 Loïc BLOT <[hidden email]>

> I approve Wesley,
> if you use OpenBSD 5.3 you should use npppd it's simpler than poptop and
> have nearly the same functionalities
>
> --
> Best regards,
> Loïc BLOT,
> UNIX systems, security and network expert
> http://www.unix-experience.fr

Re: poptop on OpenBSD 5.3

Marko Cupać
On Mon, 5 Aug 2013 14:46:20 -0600
Alvaro Mantilla Gimenez <[hidden email]> wrote:

> Hi Wesley, Loïc,
>
>    Thanks for the advice. I didn't know about npppd. It seems an
> interesting option.
>    I am going to try that.

+1 for npppd, I wrote a howto (in Serbian though) here:
https://www.mimar.rs/npppd-novi-openbsd-ov-pptpl2tp-server/

Make sure to use the latest snapshot, and not the 5.3 release, as I experienced hangs:
http://openbsd.7691.n7.nabble.com/Hang-possibly-related-to-pipex-td230816.html

If you still want poptop for any reason, my working ppp.conf (with authentication
from the Active Directory implementation of RADIUS) is as follows:

loop:
 set timeout 0
 set log phase chat connect lcp ipcp command TUN
 set device localhost:pptp
 set dial
 set login
 set mppe 128 stateful
 set ifaddr 192.168.131.1 192.168.131.10-192.168.131.250 255.255.255.255
 set server /var/tmp/loop "" 0177

loop-in:
 set timeout 0
 set log phase lcp ipcp command
 allow mode direct

pptp:
 load loop
 disable pap
 disable chap
 enable mschapv2
 set radius /etc/ppp/radius.conf
 disable deflate pred1
 deny deflate pred1
 disable ipv6cp
 disable ipv6
 accept mppe
 enable proxy
 accept dns
 set dns 192.168.5.21 192.168.5.24
 set device !/etc/ppp/secure

You will also need file /etc/ppp/secure:

#!/bin/sh
exec /usr/sbin/ppp -direct loop-in

Hope this helps.

--
Marko Cupać